[Openswan Users] no connection has been authorized
Jacco de Leeuw
jacco2 at dds.nl
Sun Aug 7 20:00:28 CEST 2005
OK, the gateway firewall was doing DNAT to the Openswan server.
That was not indicated in the diagram.
Here are my new suggestions:
- Change 192.168.0.80 and 192.168.0.52 to something that is
not a private IP address, e.g. 1.1.1.1 and 1.1.1.2.
- Don't use 10.0.0.0/8 for the internal network. If your users
happen to use a 10.x.x.x network at home they won't be able
to connect. Use 192.168.x.0/24 or 10.x.x.0/24 or something
like that. Let's say you use 192.168.2.0/24 in the remainder.
The Openswan server is at 192.168.2.1 and the gateway firewall
doing NAT is at 192.168.2.2.
> virtual_private=%v4:172.16.0.0/12,%v4:192.168.0.0/24
- Change this to:
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.2.0/24
> compress=yes
- Compression is not supported by Windows clients so this will be ignored.
> left=192.168.0.52
> leftnexthop=10.0.0.2
- This will then become:
left=192.168.2.1
leftnexthop=192.168.2.2
> leftsubnet=10.0.0.0/8
- Remove the leftsubnet line.
> #rightsubnet=192.168.1.0/24
- This should be:
rightsubnet=vhost:%no,%priv
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
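To see what the suggested virtual_private line admits and excludes, here is a small checker (added example, not Openswan's own parser; it models only the %v4 entries and the "!" exclusion syntax, which is all the post uses):

```python
import ipaddress

# Constructed from the setting suggested in the post above.
VIRTUAL_PRIVATE = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,"
                   "%v4:192.168.0.0/16,%v4:!192.168.2.0/24")


def parse_virtual_private(value):
    """Split a virtual_private string into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry.startswith("%v4:"):
            continue  # only the %v4 form used in the post is modelled here
        body = entry[len("%v4:"):]
        if body.startswith("!"):
            excluded.append(ipaddress.ip_network(body[1:], strict=False))
        else:
            allowed.append(ipaddress.ip_network(body, strict=False))
    return allowed, excluded


def client_allowed(client_ip, value=VIRTUAL_PRIVATE):
    """True if a road warrior behind NAT may present this private address.

    An address inside any excluded range (here the server's own LAN,
    192.168.2.0/24) is refused even though 192.168.0.0/16 allows it;
    everything else must fall inside one of the allowed ranges.
    """
    ip = ipaddress.ip_address(client_ip)
    allowed, excluded = parse_virtual_private(value)
    if any(ip in net for net in excluded):
        return False
    return any(ip in net for net in allowed)


if __name__ == "__main__":
    for addr in ("10.5.6.7", "192.168.1.10", "192.168.2.50", "8.8.8.8"):
        print(addr, "allowed" if client_allowed(addr) else "refused")
```

Running it with the original line from the question ("%v4:172.16.0.0/12,%v4:192.168.0.0/24") shows why a home user on 10.x.x.x could not connect: 10.5.6.7 is refused there but admitted by the new setting.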